Replace PSA error code definitions with the ones defined in PSA spec
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 93f8968..25c3cb4 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -193,7 +193,7 @@
* the policy has been saved to persistent storage. Implementations
* may defer saving the policy until the key material is created.
* \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_OCCUPIED_SLOT
+ * \retval #PSA_ERROR_ALREADY_EXISTS
* \retval #PSA_ERROR_NOT_SUPPORTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
@@ -285,7 +285,7 @@
* Success. The application can now use the value of `*handle`
* to access the newly allocated key slot.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_EMPTY_SLOT
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p lifetime is invalid, for example #PSA_KEY_LIFETIME_VOLATILE.
* \retval #PSA_ERROR_INVALID_ARGUMENT
@@ -322,7 +322,7 @@
* to access the newly allocated key slot.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_INSUFFICIENT_STORAGE
- * \retval #PSA_ERROR_OCCUPIED_SLOT
+ * \retval #PSA_ERROR_ALREADY_EXISTS
* There is already a key with the identifier \p id in the storage
* area designated by \p lifetime.
* \retval #PSA_ERROR_INVALID_ARGUMENT
@@ -401,7 +401,7 @@
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The key slot is invalid,
* or the key data is not correctly formatted.
- * \retval #PSA_ERROR_OCCUPIED_SLOT
+ * \retval #PSA_ERROR_ALREADY_EXISTS
* There is already a key in the specified slot.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_INSUFFICIENT_STORAGE
@@ -470,7 +470,7 @@
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_EMPTY_SLOT
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
* The handle is to a key slot which does not contain key material yet.
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
@@ -554,7 +554,7 @@
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_EMPTY_SLOT
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_NOT_SUPPORTED
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
@@ -641,7 +641,7 @@
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_EMPTY_SLOT
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The key is neither a public key nor a key pair.
* \retval #PSA_ERROR_NOT_SUPPORTED
@@ -710,9 +710,9 @@
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_OCCUPIED_SLOT
+ * \retval #PSA_ERROR_ALREADY_EXISTS
* \p target already contains key material.
- * \retval #PSA_ERROR_EMPTY_SLOT
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
* \p source does not contain key material.
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The policy constraints on the source, on the target and
@@ -1071,7 +1071,7 @@
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_EMPTY_SLOT
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p key is not compatible with \p alg.
@@ -1128,7 +1128,7 @@
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_EMPTY_SLOT
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \c key is not compatible with \c alg.
@@ -1373,7 +1373,7 @@
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_EMPTY_SLOT
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p key is not compatible with \p alg.
@@ -1432,7 +1432,7 @@
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_EMPTY_SLOT
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p key is not compatible with \p alg.
@@ -1660,7 +1660,7 @@
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_EMPTY_SLOT
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p key is not compatible with \p alg.
@@ -1716,7 +1716,7 @@
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_EMPTY_SLOT
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
* \retval #PSA_ERROR_INVALID_SIGNATURE
* The ciphertext is not authentic.
* \retval #PSA_ERROR_NOT_PERMITTED
@@ -2034,7 +2034,7 @@
* \param output_length Number of bytes to output.
*
* \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INSUFFICIENT_CAPACITY
+ * \retval #PSA_ERROR_INSUFFICIENT_DATA
* There were fewer than \p output_length bytes
* in the generator. Note that in this case, no
* output is written to the output buffer.
@@ -2076,7 +2076,7 @@
* Success.
* If the key is persistent, the key material and the key's metadata
* have been saved to persistent storage.
- * \retval #PSA_ERROR_INSUFFICIENT_CAPACITY
+ * \retval #PSA_ERROR_INSUFFICIENT_DATA
* There were fewer than \p output_length bytes
* in the generator. Note that in this case, no
* output is written to the output buffer.
@@ -2088,7 +2088,7 @@
* implementation in general or in this particular slot.
* \retval #PSA_ERROR_BAD_STATE
* \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_OCCUPIED_SLOT
+ * \retval #PSA_ERROR_ALREADY_EXISTS
* There is already a key in the specified slot.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_INSUFFICIENT_STORAGE
@@ -2172,7 +2172,7 @@
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_EMPTY_SLOT
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \c key is not compatible with \c alg,
@@ -2233,7 +2233,7 @@
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_EMPTY_SLOT
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \c private_key is not compatible with \c alg,
@@ -2332,7 +2332,7 @@
* If the key is persistent, the key material and the key's metadata
* have been saved to persistent storage.
* \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_OCCUPIED_SLOT
+ * \retval #PSA_ERROR_ALREADY_EXISTS
* There is already a key in the specified slot.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
diff --git a/include/psa/crypto_se_driver.h b/include/psa/crypto_se_driver.h
index 0578664..20cd4b4 100644
--- a/include/psa/crypto_se_driver.h
+++ b/include/psa/crypto_se_driver.h
@@ -754,7 +754,7 @@
* that make up the key data.
*
* \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_EMPTY_SLOT
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_NOT_SUPPORTED
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h
index 9b44d6a..29c9853 100644
--- a/include/psa/crypto_types.h
+++ b/include/psa/crypto_types.h
@@ -47,8 +47,13 @@
* This is either #PSA_SUCCESS (which is zero), indicating success,
* or a nonzero value indicating that an error occurred. Errors are
* encoded as one of the \c PSA_ERROR_xxx values defined here.
+ * If #PSA_SUCCESS is already defined, it means that #psa_status_t
+ * is also defined in an external header, so prevent its multiple
+ * definition.
*/
+#ifndef PSA_SUCCESS
typedef int32_t psa_status_t;
+#endif
/**@}*/
diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
index 2ae72e0..d42d8c2 100644
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
@@ -40,25 +40,17 @@
* @{
*/
-#if !defined(PSA_SUCCESS)
-/* If PSA_SUCCESS is defined, assume that PSA crypto is being used
- * together with PSA IPC, which also defines the identifier
- * PSA_SUCCESS. We must not define PSA_SUCCESS ourselves in that case;
- * the other error code names don't clash. This is a temporary hack
- * until we unify error reporting in PSA IPC and PSA crypto.
- *
- * Note that psa_defs.h must be included before this header!
- */
+/* PSA error codes */
+
/** The action was completed successfully. */
#define PSA_SUCCESS ((psa_status_t)0)
-#endif /* !defined(PSA_SUCCESS) */
/** An error occurred that does not correspond to any defined
* failure cause.
*
* Implementations may use this error code if none of the other standard
* error codes are applicable. */
-#define PSA_ERROR_UNKNOWN_ERROR ((psa_status_t)1)
+#define PSA_ERROR_GENERIC_ERROR ((psa_status_t)-132)
/** The requested operation or a parameter is not supported
* by this implementation.
@@ -67,7 +59,7 @@
* parameter such as a key type, algorithm, etc. is not recognized.
* If a combination of parameters is recognized and identified as
* not valid, return #PSA_ERROR_INVALID_ARGUMENT instead. */
-#define PSA_ERROR_NOT_SUPPORTED ((psa_status_t)2)
+#define PSA_ERROR_NOT_SUPPORTED ((psa_status_t)-134)
/** The requested action is denied by a policy.
*
@@ -80,7 +72,7 @@
* not valid or not supported, it is unspecified whether the function
* returns #PSA_ERROR_NOT_PERMITTED, #PSA_ERROR_NOT_SUPPORTED or
* #PSA_ERROR_INVALID_ARGUMENT. */
-#define PSA_ERROR_NOT_PERMITTED ((psa_status_t)3)
+#define PSA_ERROR_NOT_PERMITTED ((psa_status_t)-133)
/** An output buffer is too small.
*
@@ -92,23 +84,19 @@
* buffer would succeed. However implementations may return this
* error if a function has invalid or unsupported parameters in addition
* to the parameters that determine the necessary output buffer size. */
-#define PSA_ERROR_BUFFER_TOO_SMALL ((psa_status_t)4)
+#define PSA_ERROR_BUFFER_TOO_SMALL ((psa_status_t)-138)
-/** A slot is occupied, but must be empty to carry out the
- * requested action.
+/** Asking for an item that already exists
*
- * If a handle is invalid, it does not designate an occupied slot.
- * The error for an invalid handle is #PSA_ERROR_INVALID_HANDLE.
- */
-#define PSA_ERROR_OCCUPIED_SLOT ((psa_status_t)5)
+ * Implementations should return this error, when attempting
+ * to write an item (like a key) that already exists. */
+#define PSA_ERROR_ALREADY_EXISTS ((psa_status_t)-139)
-/** A slot is empty, but must be occupied to carry out the
- * requested action.
+/** Asking for an item that doesn't exist
*
- * If a handle is invalid, it does not designate an empty slot.
- * The error for an invalid handle is #PSA_ERROR_INVALID_HANDLE.
- */
-#define PSA_ERROR_EMPTY_SLOT ((psa_status_t)6)
+ * Implementations should return this error, if a requested item (like
+ * a key) does not exist. */
+#define PSA_ERROR_DOES_NOT_EXIST ((psa_status_t)-140)
/** The requested action cannot be performed in the current state.
*
@@ -118,9 +106,9 @@
*
* Implementations shall not return this error code to indicate
* that a key slot is occupied when it needs to be free or vice versa,
- * but shall return #PSA_ERROR_OCCUPIED_SLOT or #PSA_ERROR_EMPTY_SLOT
+ * but shall return #PSA_ERROR_ALREADY_EXISTS or #PSA_ERROR_DOES_NOT_EXIST
* as applicable. */
-#define PSA_ERROR_BAD_STATE ((psa_status_t)7)
+#define PSA_ERROR_BAD_STATE ((psa_status_t)-137)
/** The parameters passed to the function are invalid.
*
@@ -129,20 +117,20 @@
*
* Implementations shall not return this error code to indicate
* that a key slot is occupied when it needs to be free or vice versa,
- * but shall return #PSA_ERROR_OCCUPIED_SLOT or #PSA_ERROR_EMPTY_SLOT
+ * but shall return #PSA_ERROR_ALREADY_EXISTS or #PSA_ERROR_DOES_NOT_EXIST
* as applicable.
*
* Implementation shall not return this error code to indicate that a
* key handle is invalid, but shall return #PSA_ERROR_INVALID_HANDLE
* instead.
*/
-#define PSA_ERROR_INVALID_ARGUMENT ((psa_status_t)8)
+#define PSA_ERROR_INVALID_ARGUMENT ((psa_status_t)-135)
/** There is not enough runtime memory.
*
* If the action is carried out across multiple security realms, this
* error can refer to available memory in any of the security realms. */
-#define PSA_ERROR_INSUFFICIENT_MEMORY ((psa_status_t)9)
+#define PSA_ERROR_INSUFFICIENT_MEMORY ((psa_status_t)-141)
/** There is not enough persistent storage.
*
@@ -151,7 +139,7 @@
* many functions that do not otherwise access storage may return this
* error code if the implementation requires a mandatory log entry for
* the requested action and the log storage space is full. */
-#define PSA_ERROR_INSUFFICIENT_STORAGE ((psa_status_t)10)
+#define PSA_ERROR_INSUFFICIENT_STORAGE ((psa_status_t)-142)
/** There was a communication failure inside the implementation.
*
@@ -168,7 +156,7 @@
* cryptoprocessor but there was a breakdown of communication before
* the cryptoprocessor could report the status to the application.
*/
-#define PSA_ERROR_COMMUNICATION_FAILURE ((psa_status_t)11)
+#define PSA_ERROR_COMMUNICATION_FAILURE ((psa_status_t)-145)
/** There was a storage failure that may have led to data loss.
*
@@ -193,13 +181,13 @@
* permanent storage corruption. However application writers should
* keep in mind that transient errors while reading the storage may be
* reported using this error code. */
-#define PSA_ERROR_STORAGE_FAILURE ((psa_status_t)12)
+#define PSA_ERROR_STORAGE_FAILURE ((psa_status_t)-146)
/** A hardware failure was detected.
*
* A hardware failure may be transient or permanent depending on the
* cause. */
-#define PSA_ERROR_HARDWARE_FAILURE ((psa_status_t)13)
+#define PSA_ERROR_HARDWARE_FAILURE ((psa_status_t)-147)
/** A tampering attempt was detected.
*
@@ -230,7 +218,7 @@
* This error indicates an attack against the application. Implementations
* shall not return this error code as a consequence of the behavior of
* the application itself. */
-#define PSA_ERROR_TAMPERING_DETECTED ((psa_status_t)14)
+#define PSA_ERROR_TAMPERING_DETECTED ((psa_status_t)-151)
/** There is not enough entropy to generate random data needed
* for the requested action.
@@ -249,7 +237,7 @@
* secure pseudorandom generator (PRNG). However implementations may return
* this error at any time if a policy requires the PRNG to be reseeded
* during normal operation. */
-#define PSA_ERROR_INSUFFICIENT_ENTROPY ((psa_status_t)15)
+#define PSA_ERROR_INSUFFICIENT_ENTROPY ((psa_status_t)-148)
/** The signature, MAC or hash is incorrect.
*
@@ -259,7 +247,7 @@
*
* If the value to verify has an invalid size, implementations may return
* either #PSA_ERROR_INVALID_ARGUMENT or #PSA_ERROR_INVALID_SIGNATURE. */
-#define PSA_ERROR_INVALID_SIGNATURE ((psa_status_t)16)
+#define PSA_ERROR_INVALID_SIGNATURE ((psa_status_t)-149)
/** The decrypted padding is incorrect.
*
@@ -275,17 +263,15 @@
* as close as possible to indistinguishable to an external observer.
* In particular, the timing of a decryption operation should not
* depend on the validity of the padding. */
-#define PSA_ERROR_INVALID_PADDING ((psa_status_t)17)
+#define PSA_ERROR_INVALID_PADDING ((psa_status_t)-150)
-/** The generator has insufficient capacity left.
- *
- * Once a function returns this error, attempts to read from the
- * generator will always return this error. */
-#define PSA_ERROR_INSUFFICIENT_CAPACITY ((psa_status_t)18)
+/** Return this error when there's insufficient data when attempting
+ * to read from a resource. */
+#define PSA_ERROR_INSUFFICIENT_DATA ((psa_status_t)-143)
/** The key handle is not valid.
*/
-#define PSA_ERROR_INVALID_HANDLE ((psa_status_t)19)
+#define PSA_ERROR_INVALID_HANDLE ((psa_status_t)-136)
/**@}*/
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 5bf4f99..fd9f387 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -346,7 +346,7 @@
return( PSA_ERROR_HARDWARE_FAILURE );
default:
- return( PSA_ERROR_UNKNOWN_ERROR );
+ return( PSA_ERROR_GENERIC_ERROR );
}
}
@@ -742,7 +742,7 @@
return( status );
if( slot->type != PSA_KEY_TYPE_NONE )
- return( PSA_ERROR_OCCUPIED_SLOT );
+ return( PSA_ERROR_ALREADY_EXISTS );
*p_slot = slot;
return( status );
@@ -839,7 +839,7 @@
if( status != PSA_SUCCESS )
return( status );
if( slot->type == PSA_KEY_TYPE_NONE )
- return( PSA_ERROR_EMPTY_SLOT );
+ return( PSA_ERROR_DOES_NOT_EXIST );
/* Enforce that usage policy for the key slot contains all the flags
* required by the usage parameter. There is one exception: public
@@ -1001,7 +1001,7 @@
return( status );
if( slot->type == PSA_KEY_TYPE_NONE )
- return( PSA_ERROR_EMPTY_SLOT );
+ return( PSA_ERROR_DOES_NOT_EXIST );
if( type != NULL )
*type = slot->type;
if( bits != NULL )
@@ -3098,7 +3098,7 @@
size_t output_size,
size_t *output_length )
{
- psa_status_t status = PSA_ERROR_UNKNOWN_ERROR;
+ psa_status_t status = PSA_ERROR_GENERIC_ERROR;
int cipher_ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH];
@@ -3855,7 +3855,7 @@
generator->capacity = 0;
/* Go through the error path to wipe all confidential data now
* that the generator object is useless. */
- status = PSA_ERROR_INSUFFICIENT_CAPACITY;
+ status = PSA_ERROR_INSUFFICIENT_DATA;
goto exit;
}
if( output_length == 0 &&
@@ -3867,7 +3867,7 @@
* INSUFFICIENT_CAPACITY, which is right for a finished
* generator, for consistency with the case when
* output_length > 0. */
- return( PSA_ERROR_INSUFFICIENT_CAPACITY );
+ return( PSA_ERROR_INSUFFICIENT_DATA );
}
generator->capacity -= output_length;
@@ -4400,7 +4400,7 @@
return( PSA_SUCCESS );
case PSA_ITS_ERROR_UID_NOT_FOUND:
- return( PSA_ERROR_EMPTY_SLOT );
+ return( PSA_ERROR_DOES_NOT_EXIST );
case PSA_ITS_ERROR_STORAGE_FAILURE:
return( PSA_ERROR_STORAGE_FAILURE );
@@ -4417,10 +4417,10 @@
return( PSA_ERROR_NOT_SUPPORTED );
case PSA_ITS_ERROR_WRITE_ONCE:
- return( PSA_ERROR_OCCUPIED_SLOT );
+ return( PSA_ERROR_ALREADY_EXISTS );
default:
- return( PSA_ERROR_UNKNOWN_ERROR );
+ return( PSA_ERROR_GENERIC_ERROR );
}
}
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index c151c5e..dad23c4 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -194,7 +194,7 @@
*
* \retval #PSA_SUCCESS
* The slot content was loaded successfully.
- * \retval #PSA_ERROR_EMPTY_SLOT
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
* There is no content for this slot in persistent storage.
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_INVALID_ARGUMENT
@@ -274,11 +274,11 @@
psa_status_t status;
status = persistent_key_setup( lifetime, id, handle,
- PSA_ERROR_EMPTY_SLOT );
+ PSA_ERROR_DOES_NOT_EXIST );
switch( status )
{
- case PSA_SUCCESS: return( PSA_ERROR_OCCUPIED_SLOT );
- case PSA_ERROR_EMPTY_SLOT: return( PSA_SUCCESS );
+ case PSA_SUCCESS: return( PSA_ERROR_ALREADY_EXISTS );
+ case PSA_ERROR_DOES_NOT_EXIST: return( PSA_SUCCESS );
default: return( status );
}
}
diff --git a/library/psa_crypto_storage.h b/library/psa_crypto_storage.h
index 85881c1..9da009d 100644
--- a/library/psa_crypto_storage.h
+++ b/library/psa_crypto_storage.h
@@ -84,7 +84,7 @@
* \retval PSA_ERROR_INSUFFICIENT_MEMORY
* \retval PSA_ERROR_INSUFFICIENT_STORAGE
* \retval PSA_ERROR_STORAGE_FAILURE
- * \retval PSA_ERROR_OCCUPIED_SLOT
+ * \retval PSA_ERROR_ALREADY_EXISTS
*/
psa_status_t psa_save_persistent_key( const psa_key_id_t key,
const psa_key_type_t type,
@@ -115,7 +115,7 @@
* \retval PSA_SUCCESS
* \retval PSA_ERROR_INSUFFICIENT_MEMORY
* \retval PSA_ERROR_STORAGE_FAILURE
- * \retval PSA_ERROR_EMPTY_SLOT
+ * \retval PSA_ERROR_DOES_NOT_EXIST
*/
psa_status_t psa_load_persistent_key( psa_key_id_t key,
psa_key_type_t *type,
diff --git a/library/psa_crypto_storage_backend.h b/library/psa_crypto_storage_backend.h
index 47896b8..83bd2f3 100644
--- a/library/psa_crypto_storage_backend.h
+++ b/library/psa_crypto_storage_backend.h
@@ -54,7 +54,7 @@
*
* \retval PSA_SUCCESS
* \retval PSA_ERROR_STORAGE_FAILURE
- * \retval PSA_ERROR_EMPTY_SLOT
+ * \retval PSA_ERROR_DOES_NOT_EXIST
*/
psa_status_t psa_crypto_storage_load( const psa_key_id_t key, uint8_t *data,
size_t data_size );
@@ -73,7 +73,7 @@
* \retval PSA_SUCCESS
* \retval PSA_ERROR_INSUFFICIENT_STORAGE
* \retval PSA_ERROR_STORAGE_FAILURE
- * \retval PSA_ERROR_OCCUPIED_SLOT
+ * \retval PSA_ERROR_ALREADY_EXISTS
*/
psa_status_t psa_crypto_storage_store( const psa_key_id_t key,
const uint8_t *data,
diff --git a/library/psa_crypto_storage_file.c b/library/psa_crypto_storage_file.c
index 87420be..a6e732d 100644
--- a/library/psa_crypto_storage_file.c
+++ b/library/psa_crypto_storage_file.c
@@ -118,7 +118,7 @@
key_id_to_location( key, slot_location, MAX_LOCATION_LEN );
if( psa_is_key_present_in_storage( key ) == 1 )
- return( PSA_ERROR_OCCUPIED_SLOT );
+ return( PSA_ERROR_ALREADY_EXISTS );
file = fopen( temp_location, "wb" );
if( file == NULL )
@@ -186,7 +186,7 @@
file = fopen( slot_location, "rb" );
if( file == NULL )
- return( PSA_ERROR_EMPTY_SLOT );
+ return( PSA_ERROR_DOES_NOT_EXIST );
if( fseek( file, 0, SEEK_END ) != 0 )
{
diff --git a/library/psa_crypto_storage_its.c b/library/psa_crypto_storage_its.c
index 1873c69..f97a5d7 100644
--- a/library/psa_crypto_storage_its.c
+++ b/library/psa_crypto_storage_its.c
@@ -27,6 +27,7 @@
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C)
+#include "psa/error.h"
#include "psa/crypto.h"
#include "psa_crypto_storage_backend.h"
#include "psa/internal_trusted_storage.h"
@@ -43,7 +44,7 @@
return( PSA_SUCCESS );
case PSA_ITS_ERROR_UID_NOT_FOUND:
- return( PSA_ERROR_EMPTY_SLOT );
+ return( PSA_ERROR_DOES_NOT_EXIST );
case PSA_ITS_ERROR_STORAGE_FAILURE:
return( PSA_ERROR_STORAGE_FAILURE );
@@ -60,7 +61,7 @@
return( PSA_ERROR_NOT_SUPPORTED );
case PSA_ITS_ERROR_WRITE_ONCE:
- return( PSA_ERROR_OCCUPIED_SLOT );
+ return( PSA_ERROR_ALREADY_EXISTS );
default:
return( PSA_ERROR_UNKNOWN_ERROR );
@@ -114,7 +115,7 @@
struct psa_its_info_t data_identifier_info;
if( psa_is_key_present_in_storage( key ) == 1 )
- return( PSA_ERROR_OCCUPIED_SLOT );
+ return( PSA_ERROR_ALREADY_EXISTS );
ret = psa_its_set( data_identifier, data_length, data, 0 );
status = its_to_psa_error( ret );
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 929d1b2..92b6fb0 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -419,10 +419,10 @@
size_t key_bits;
uint8_t *public_key = NULL;
size_t public_key_length;
- /* Return UNKNOWN_ERROR if something other than the final call to
+ /* Return GENERIC_ERROR if something other than the final call to
* psa_key_agreement fails. This isn't fully satisfactory, but it's
* good enough: callers will report it as a failed test anyway. */
- psa_status_t status = PSA_ERROR_UNKNOWN_ERROR;
+ psa_status_t status = PSA_ERROR_GENERIC_ERROR;
PSA_ASSERT( psa_get_key_information( handle,
&private_key_type,
@@ -1027,7 +1027,7 @@
PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
TEST_EQUAL( psa_get_key_information( handle, NULL, NULL ),
- PSA_ERROR_EMPTY_SLOT );
+ PSA_ERROR_DOES_NOT_EXIST );
/* Import the key */
PSA_ASSERT( psa_import_key( handle, type,
@@ -1114,7 +1114,7 @@
/* Import the key again */
status = psa_import_key( handle, type, data, sizeof( data ) );
- TEST_EQUAL( status, PSA_ERROR_OCCUPIED_SLOT );
+ TEST_EQUAL( status, PSA_ERROR_ALREADY_EXISTS );
exit:
mbedtls_psa_crypto_free( );
@@ -1164,7 +1164,7 @@
status = psa_export_key( handle,
exported, export_size,
&exported_length );
- TEST_EQUAL( status, PSA_ERROR_EMPTY_SLOT );
+ TEST_EQUAL( status, PSA_ERROR_DOES_NOT_EXIST );
exit:
mbedtls_psa_crypto_free( );
@@ -1187,7 +1187,7 @@
PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
status = psa_cipher_encrypt_setup( &operation, handle, exercise_alg );
- TEST_EQUAL( status, PSA_ERROR_EMPTY_SLOT );
+ TEST_EQUAL( status, PSA_ERROR_DOES_NOT_EXIST );
exit:
psa_cipher_abort( &operation );
@@ -1220,7 +1220,7 @@
status = psa_export_key( handle,
exported, export_size,
&exported_length );
- TEST_EQUAL( status, PSA_ERROR_EMPTY_SLOT );
+ TEST_EQUAL( status, PSA_ERROR_DOES_NOT_EXIST );
exit:
mbedtls_psa_crypto_free( );
@@ -1248,7 +1248,7 @@
TEST_EQUAL( status, expected_import_status );
status = psa_cipher_encrypt_setup( &operation, handle, exercise_alg );
- TEST_EQUAL( status, PSA_ERROR_EMPTY_SLOT );
+ TEST_EQUAL( status, PSA_ERROR_DOES_NOT_EXIST );
exit:
psa_cipher_abort( &operation );
@@ -1937,7 +1937,7 @@
/* Test that the target slot is unaffected. */
TEST_EQUAL( psa_get_key_information( target_handle,
&target_type, &target_bits ),
- PSA_ERROR_EMPTY_SLOT );
+ PSA_ERROR_DOES_NOT_EXIST );
PSA_ASSERT( psa_get_key_policy( target_handle, &target_policy ) );
TEST_EQUAL( target_usage, psa_key_policy_get_usage( &target_policy ) );
TEST_EQUAL( target_alg, psa_key_policy_get_algorithm( &target_policy ) );
@@ -3614,7 +3614,7 @@
PSA_ASSERT( psa_generator_read( &generator, buffer, capacity ) );
TEST_EQUAL( psa_generator_read( &generator, buffer, capacity ),
- PSA_ERROR_INSUFFICIENT_CAPACITY );
+ PSA_ERROR_INSUFFICIENT_DATA );
exit:
psa_generator_abort( &generator );
@@ -3632,7 +3632,7 @@
psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
TEST_ASSERT( psa_generator_read( &generator, output_buffer, buffer_size )
- == PSA_ERROR_INSUFFICIENT_CAPACITY ); // should be PSA_ERROR_BAD_STATE:#183
+ == PSA_ERROR_INSUFFICIENT_DATA ); // should be PSA_ERROR_BAD_STATE:#183
TEST_ASSERT( psa_get_generator_capacity( &generator, &capacity )
== PSA_SUCCESS ); // should be PSA_ERROR_BAD_STATE:#183
@@ -3640,7 +3640,7 @@
PSA_ASSERT( psa_generator_abort( &generator ) );
TEST_ASSERT( psa_generator_read( &generator, output_buffer, buffer_size )
- == PSA_ERROR_INSUFFICIENT_CAPACITY ); // should be PSA_ERROR_BAD_STATE:#183
+ == PSA_ERROR_INSUFFICIENT_DATA ); // should be PSA_ERROR_BAD_STATE:#183
TEST_ASSERT( psa_get_generator_capacity( &generator, &capacity )
== PSA_SUCCESS );// should be PSA_ERROR_BAD_STATE:#183
@@ -3713,14 +3713,14 @@
{
/* Reading 0 bytes when 0 bytes are available can go either way. */
TEST_ASSERT( status == PSA_SUCCESS ||
- status == PSA_ERROR_INSUFFICIENT_CAPACITY );
+ status == PSA_ERROR_INSUFFICIENT_DATA );
continue;
}
else if( expected_capacity == 0 ||
output_sizes[i] > expected_capacity )
{
/* Capacity exceeded. */
- TEST_EQUAL( status, PSA_ERROR_INSUFFICIENT_CAPACITY );
+ TEST_EQUAL( status, PSA_ERROR_INSUFFICIENT_DATA );
expected_capacity = 0;
continue;
}
@@ -3797,7 +3797,7 @@
/* Check that the generator refuses to go over capacity. */
TEST_EQUAL( psa_generator_read( &generator, output_buffer, 1 ),
- PSA_ERROR_INSUFFICIENT_CAPACITY );
+ PSA_ERROR_INSUFFICIENT_DATA );
PSA_ASSERT( psa_generator_abort( &generator ) );
@@ -4033,7 +4033,7 @@
PSA_ASSERT( psa_generator_read( &generator,
output, actual_capacity ) );
TEST_EQUAL( psa_generator_read( &generator, output, 1 ),
- PSA_ERROR_INSUFFICIENT_CAPACITY );
+ PSA_ERROR_INSUFFICIENT_DATA );
exit:
psa_generator_abort( &generator );
@@ -4161,7 +4161,7 @@
psa_key_type_t got_type;
size_t got_bits;
psa_status_t expected_info_status =
- expected_status == PSA_SUCCESS ? PSA_SUCCESS : PSA_ERROR_EMPTY_SLOT;
+ expected_status == PSA_SUCCESS ? PSA_SUCCESS : PSA_ERROR_DOES_NOT_EXIST;
psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
PSA_ASSERT( psa_crypto_init( ) );
diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.function b/tests/suites/test_suite_psa_crypto_persistent_key.function
index e19ef2b..2fa307e 100644
--- a/tests/suites/test_suite_psa_crypto_persistent_key.function
+++ b/tests/suites/test_suite_psa_crypto_persistent_key.function
@@ -138,7 +138,7 @@
/* Check key slot storage is removed */
TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 0 );
TEST_EQUAL( psa_open_key( PSA_KEY_LIFETIME_PERSISTENT, key_id, &handle ),
- PSA_ERROR_EMPTY_SLOT );
+ PSA_ERROR_DOES_NOT_EXIST );
TEST_EQUAL( handle, 0 );
/* Shutdown and restart */
diff --git a/tests/suites/test_suite_psa_crypto_slot_management.data b/tests/suites/test_suite_psa_crypto_slot_management.data
index c545617..e937465 100644
--- a/tests/suites/test_suite_psa_crypto_slot_management.data
+++ b/tests/suites/test_suite_psa_crypto_slot_management.data
@@ -35,7 +35,7 @@
Open failure: non-existent identifier
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
-open_fail:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_ERROR_EMPTY_SLOT
+open_fail:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_ERROR_DOES_NOT_EXIST
Open failure: volatile lifetime
open_fail:PSA_KEY_LIFETIME_VOLATILE:1:PSA_ERROR_INVALID_ARGUMENT
diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function
index 0ebdb1e..0278b88 100644
--- a/tests/suites/test_suite_psa_crypto_slot_management.function
+++ b/tests/suites/test_suite_psa_crypto_slot_management.function
@@ -178,7 +178,7 @@
break;
case CLOSE_BY_DESTROY:
TEST_EQUAL( psa_open_key( lifetime, id, &handle ),
- PSA_ERROR_EMPTY_SLOT );
+ PSA_ERROR_DOES_NOT_EXIST );
break;
}
@@ -223,7 +223,7 @@
/* Attempt to create a new key in the same slot. */
TEST_EQUAL( psa_create_key( lifetime, id, &handle2 ),
- PSA_ERROR_OCCUPIED_SLOT );
+ PSA_ERROR_ALREADY_EXISTS );
TEST_EQUAL( handle2, 0 );
if( reopen_policy == CLOSE_AFTER )
@@ -436,7 +436,7 @@
/* Copy the key. */
TEST_EQUAL( psa_copy_key( source_handle, target_handle, NULL ),
- PSA_ERROR_EMPTY_SLOT );
+ PSA_ERROR_DOES_NOT_EXIST );
/* Test that the slots are unaffected. */
PSA_ASSERT( psa_get_key_policy( source_handle, &got_policy ) );
@@ -514,7 +514,7 @@
/* Copy the key. */
TEST_EQUAL( psa_copy_key( source_handle, target_handle, NULL ),
- PSA_ERROR_OCCUPIED_SLOT );
+ PSA_ERROR_ALREADY_EXISTS );
/* Test that the target slot is unaffected. */
PSA_ASSERT( psa_get_key_information( target_handle,
@@ -579,7 +579,7 @@
/* Copy the key. */
TEST_EQUAL( psa_copy_key( handle, handle, NULL ),
- PSA_ERROR_OCCUPIED_SLOT );
+ PSA_ERROR_ALREADY_EXISTS );
/* Test that the slot is unaffected. */
PSA_ASSERT( psa_get_key_information( handle,
diff --git a/tests/suites/test_suite_psa_crypto_storage_file.data b/tests/suites/test_suite_psa_crypto_storage_file.data
index 730e092..4b068e1 100644
--- a/tests/suites/test_suite_psa_crypto_storage_file.data
+++ b/tests/suites/test_suite_psa_crypto_storage_file.data
@@ -24,7 +24,7 @@
PSA Storage Store into preexisting location, should fail
depends_on:MBEDTLS_FS_IO
-write_data_to_prexisting_file:"psa_key_slot_1":"deadbeef":PSA_ERROR_OCCUPIED_SLOT
+write_data_to_prexisting_file:"psa_key_slot_1":"deadbeef":PSA_ERROR_ALREADY_EXISTS
PSA Storage Store, preexisting temp_location file, should succeed
depends_on:MBEDTLS_FS_IO
@@ -40,4 +40,4 @@
PSA Storage Get data size nonexistent file location, should fail
depends_on:MBEDTLS_FS_IO
-get_file_size:"deadbeef":4:PSA_ERROR_EMPTY_SLOT:0
+get_file_size:"deadbeef":4:PSA_ERROR_DOES_NOT_EXIST:0